The European Union’s General Data Protection Regulation (GDPR), which came into force in May 2018, applies to all organizations that collect or process the personal data of people in Europe. Given the global digital markets of the 21st century, that’s just about all organizations worldwide. Other countries, regions and states are incorporating the core principles of GDPR into their own new data protection and data privacy requirements. One key new law is the California Consumer Privacy Act of 2018 (CCPA).
This white paper analyzes data from an in-depth survey of North American organizations about their plans for GDPR and CCPA compliance. It provide detailed information about the following key takeaways:
The GDPR and CCPA should not be treated as singular pieces of legislation, but more as the leading edge.
Many organizations subject to the GDPR are still not compliant.
CCPA introduces several of the GDPR’s core principles of data protection to the United States.
Concern among regulators about the misuse of personal data is growing, in large part due to high-profile data breaches and the inappropriate use of personal data for micro-targeting of advertising to sway elections.
All organizations that collect, control or process personal data need to step up their data protection measures, including adopting approaches and technologies to safeguard that data and ensure its authenticity and integrity.
Organizations that do not take appropriate steps will face steep fines, loss of reputation, loss of brand value and lost business opportunities.